EarlyBoyer spends 16.6% of its time in cti_op_put_by_id_generic, much of it under StructureID::addPropertyTransition. A lot of this time could be removed by inline caching property transitions - the old structure ID, the new structureID, and the offset to write to (and a call to resize if needed). DeltaBlue is also somewhat affected (3.6% in put_by_id_generic) as is Raytrace, though in the case of RayTrace much of the badness could just be due to Arguments not being very clever. See bug 20813.
Created attachment 23389 [details] patch mostly by oliver with some bug fixes by me (needs ChangeLog, cleanup)
Created attachment 23406 [details] Fully implemented transition cache, now with a bonus feature: correctness
Comment on attachment 23406 [details] Fully implemented transition cache, now with a bonus feature: correctness Removing review flag, this apparently breaks gmail :-(
Comment on attachment 23406 [details] Fully implemented transition cache, now with a bonus feature: correctness Cameron lied to me, it works fine!
Comment on attachment 23406 [details] Fully implemented transition cache, now with a bonus feature: correctness I think "failuresCases" would probably be better as "failureCases". You have some extra blank lines, like CTI.cpp:1900 and Machine.cpp:2474. Perhaps sIDC would be better as structureIDChain or chain? What do you think? Other than that, r=me.
M JavaScriptCore/ChangeLog M JavaScriptCore/VM/CTI.cpp M JavaScriptCore/VM/CTI.h M JavaScriptCore/VM/CodeBlock.cpp M JavaScriptCore/VM/CodeGenerator.cpp M JavaScriptCore/VM/Machine.cpp M JavaScriptCore/VM/Machine.h M JavaScriptCore/VM/Opcode.h M JavaScriptCore/kjs/JSObject.h M JavaScriptCore/kjs/PutPropertySlot.h M JavaScriptCore/kjs/StructureID.cpp M JavaScriptCore/kjs/StructureID.h M JavaScriptCore/masm/X86Assembler.h Committed r36401